Fix: do not guard dynamic_instrumentation_service behind starting_at_board_api
move `type dynamic_instrumentation_service` from public/service.te to
private/service.te, and remove the guard. Remove the guard from the
related files in `private/` as well as from `202404.ignore.cil`.
Bug: 296108553
Test: TH
Flag: EXEMPT SEPolicy change that does not remove access
Change-Id: I48de5af50337ca282afcc844cd4b48654c8b7005
diff --git a/private/compat/202404/202404.ignore.cil b/private/compat/202404/202404.ignore.cil
index 1c108cf..4430364 100644
--- a/private/compat/202404/202404.ignore.cil
+++ b/private/compat/202404/202404.ignore.cil
@@ -23,7 +23,6 @@
media_quality_service
advanced_protection_service
sysfs_firmware_acpi_tables
- dynamic_instrumentation_service
intrusion_detection_service
wifi_mainline_supplicant_service
))
diff --git a/private/service.te b/private/service.te
index 7e89300..dde4bd2 100644
--- a/private/service.te
+++ b/private/service.te
@@ -62,6 +62,7 @@
type uce_service, service_manager_type;
type wearable_sensing_service, app_api_service, system_server_service, service_manager_type;
type wifi_mainline_supplicant_service, service_manager_type;
+type dynamic_instrumentation_service, app_api_service, system_server_service, service_manager_type;
###
### Neverallow rules
diff --git a/private/service_contexts b/private/service_contexts
index 1478e93..2e050eb 100644
--- a/private/service_contexts
+++ b/private/service_contexts
@@ -188,9 +188,7 @@
app_binding u:object_r:app_binding_service:s0
app_function u:object_r:app_function_service:s0
app_hibernation u:object_r:app_hibernation_service:s0
-starting_at_board_api(202504, `
- dynamic_instrumentation u:object_r:dynamic_instrumentation_service:s0
-')
+dynamic_instrumentation u:object_r:dynamic_instrumentation_service:s0
app_integrity u:object_r:app_integrity_service:s0
app_prediction u:object_r:app_prediction_service:s0
app_search u:object_r:app_search_service:s0
diff --git a/private/uprobestats.te b/private/uprobestats.te
index c55f23d..d778126 100644
--- a/private/uprobestats.te
+++ b/private/uprobestats.te
@@ -24,9 +24,7 @@
# For registration with system server as a process observer.
binder_use(uprobestats)
allow uprobestats activity_service:service_manager find;
-starting_at_board_api(202504, `
- allow uprobestats dynamic_instrumentation_service:service_manager find;
-')
+allow uprobestats dynamic_instrumentation_service:service_manager find;
binder_call(uprobestats, system_server);
# Allow uprobestats to talk to native package manager
diff --git a/public/service.te b/public/service.te
index 854ceef..312c592 100644
--- a/public/service.te
+++ b/public/service.te
@@ -75,9 +75,6 @@
type app_function_service, app_api_service, system_server_service, service_manager_type;
')
type app_hibernation_service, app_api_service, system_api_service, system_server_service, service_manager_type;
-starting_at_board_api(202504, `
- type dynamic_instrumentation_service, app_api_service, system_server_service, service_manager_type;
-')
type app_integrity_service, system_api_service, system_server_service, service_manager_type;
type app_prediction_service, app_api_service, system_server_service, service_manager_type;
type app_search_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type;